From an exploit perspective, this one was a bit tricky. At first, it seemed very straightforward: EIP was overwritten and ESP pointed to a huge buffer. However, only a few JMP ESP or CALL ESP instructions were available in the system executable. The problem was that some of the bytes were being converted from lower case to upper case, which broke all the valid JMPs and CALLs.